
Deploy Collection Policies for AI Interaction Locations

Implementation Effort: Low – Collection policies are deployed through the DSPM for AI console with minimal configuration; extending coverage to enterprise AI apps may require coordination with network teams if third-party SASE/SSE providers are in use.
User Impact: Medium – Prompts and responses flowing through covered AI locations are captured for compliance review, which may affect user expectations around privacy and data handling for both Copilot and enterprise AI apps.

Overview

Collection policies in Microsoft Purview capture the prompts and responses from AI interactions so that compliance, legal, and security teams can audit what users and agents are sending to and receiving from AI services. These policies must cover all AI interaction locations in the environment — not just Microsoft 365 Copilot experiences, but also enterprise AI apps including third-party LLM platforms, custom AI applications, and SaaS products with embedded generative AI capabilities. Deploying collection policies across all AI locations ensures that the organization has a complete, auditable record of AI interactions regardless of which AI service generated them.

For Microsoft 365 Copilot experiences, collection policies capture interactions across M365 Copilot, Copilot in Edge, and other first-party surfaces. The policy defines what interaction data is collected (prompts, responses, referenced content, timestamps, and user identity) and routes it into Purview for downstream use by eDiscovery, audit, insider risk, and DLP workflows.

For enterprise AI apps beyond the Microsoft ecosystem, the same DSPM for AI console provides one-click policy deployment that extends collection to third-party AI application categories, so that Copilot interactions and third-party AI interactions receive the same audit treatment.

Because enterprise AI apps may be reached over different network paths (direct internet, corporate proxy, or a third-party SASE/SSE provider), administrators should verify that interactions from every path are actually arriving in Purview, not only that the policy shows as deployed. For organizations that route AI traffic through a third-party SASE or SSE provider rather than Microsoft Entra Internet Access, Purview supports SASE provider integration that pushes collection policy enforcement to the third-party proxy, so prompts and responses are captured even when traffic does not traverse Global Secure Access.
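The coverage check above can be scripted against the unified audit log, where collected Copilot interactions land as audit records. The following is an added example written for this page, not Microsoft's own tooling: it assumes the ExchangeOnlineManagement module, an account holding an audit-reading role, that Copilot interactions appear under the `CopilotInteraction` record type, and that the originating surface is reported in the `CopilotEventData.AppHost` field of each record's `AuditData` JSON. The `$expected` list of surfaces is an assumption to be adjusted to the policies you deployed; the script reports any expected surface that produced no records in the window, which is the signal that a path is not reaching Purview.

```powershell
# Added example: verify that AI interaction records are actually arriving in
# Purview for every surface you expect, using the unified audit log.
# Assumptions (not confirmed by the page): RecordType "CopilotInteraction" and
# the AuditData field CopilotEventData.AppHost; check them against a sample
# record from your own tenant before relying on this.
Connect-ExchangeOnline -ShowBanner:$false

$end       = Get-Date
$start     = $end.AddDays(-7)
$sessionId = "ai-coverage-" + $start.ToString("yyyyMMdd")

# Page through results; Search-UnifiedAuditLog returns at most 5000 per call
# and ReturnLargeSet with a fixed SessionId continues where the last call ended.
$records = @()
do {
    $batch = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType CopilotInteraction -ResultSize 5000 `
        -SessionId $sessionId -SessionCommand ReturnLargeSet
    if ($batch) { $records += $batch }
} while ($batch -and $batch.Count -eq 5000)

# Large-set paging can return duplicates; de-duplicate on the record identity.
$records = $records | Sort-Object Identity -Unique

# Each record carries a JSON blob in AuditData. The surface that produced the
# interaction (assumed field: CopilotEventData.AppHost) is what tells you whether
# Teams, Office, Edge or a proxied app is actually reaching Purview.
$byHost = $records |
    ForEach-Object { ($_.AuditData | ConvertFrom-Json).CopilotEventData.AppHost } |
    Group-Object |
    Sort-Object Count -Descending

"Interactions collected in the last 7 days, by surface:"
$byHost | Format-Table Name, Count -AutoSize

# Surfaces you expect to see given the policies you deployed. Assumed values;
# replace with the AppHost names observed in your own records.
$expected = @('Teams', 'Office', 'Edge')
$missing  = $expected | Where-Object { $_ -notin $byHost.Name }
if ($missing) {
    Write-Warning ("No interactions recorded from: " + ($missing -join ', ') +
        ". Check that the collection policy scopes these surfaces and that " +
        "traffic from every access path (direct, proxy, SASE/SSE) reaches Purview.")
} else {
    "All expected surfaces produced records."
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run this a few days after deploying or changing a policy, and again after any change to proxy or SASE routing; a surface that was present and then disappears from the breakdown is the quickest indicator that an access path has stopped forwarding interactions.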

This activity supports Verify Explicitly by capturing the actual content of AI interactions for audit rather than relying on application-level logging that may be incomplete or unavailable. It supports Assume Breach by ensuring that if an AI service is compromised or misused, there is an independent record of what data flowed through it, for first-party Copilot and for enterprise AI apps alike. If collection policies are not deployed, the organization cannot produce AI interaction records when regulators, auditors, or legal counsel require them. If policies cover only Copilot but not enterprise AI apps, the compliance posture is asymmetric: sensitive data flowing through uncovered AI apps leaves no trace in the compliance record, so misuse through those apps is invisible to investigators and the gap will be exposed under audit.

Reference